Global protection policies

This article explains how to create and manage global protection policies across multiple workspaces in the Coro console. Global protection policies enable MSP admin users with sufficient permissions to enforce consistent security settings across some or all customer workspaces, including device management, cloud security, endpoint protection, email security, and data governance. Centralizing policy management saves time, reduces configuration errors, and ensures uniform protection.

Coro allows you to add and manage policies from the Protection Policies page. You can’t remove policies that are still assigned to workspaces. This helps protect your environment from accidental misconfiguration.

note

If an MSP admin user enables the option to allow overrides of global policy settings when creating or editing a child workspace, any policy changes made by an admin user within that child workspace override the global protection policy for that workspace.

Accessing global protection policies

To access global Protection Policies:

  1. Sign in to the Coro console .
  2. Select Global view from the top of your console:

    Global view

  3. From the sidebar, select Control Panel to access Global Settings .
  4. Select Protection Policies :

    Global protection policies

    From this page, MSP admin users can view, create, assign, edit, duplicate, and remove protection policies.

Adding global protection policies

To add new global protection policies:

  1. From Protection Policies , select + ADD POLICY :

    Add policy

  2. In the General Information section, add a name and description for the policy:

    General info

  3. Select  Add policy , then choose the sections where you want to apply global protection policies. These sections include:
    • Cloud Security
    • Device Settings
    • Endpoint Data Governance
    • User Data Governance
    • Email Security
    • Endpoint Security

    Add policy

  4. If you add the Cloud Security section, set the number of days after which a user becomes inactive when not using a cloud application:

    Cloud Security policy

    For more information, see Cloud Security settings.

  5. If you add the Device Settings section:
    • Set the heartbeat interval
    • Enable or disable allowing agent uninstallation for specific devices
    • Enable or disable visibility mode for specific devices
    • Enable or disable user-based authentication for specific devices
    • Allow self-update to the latest stable version for specific devices

    Device settings policy

    For more information, see Device settings.

  6. If you add the Endpoint Data Governance section, select privacy sensitive data types for monitoring:

    EDG policy

    For more information, see Data privacy configuration.

  7. If you add the User Data Governance section:
    • Select privacy sensitive data types for monitoring
    • Select security and business sensitive data types for monitoring
    • Exclude emails from sensitive data scans based on keywords

    UDG policy

    For more information, see:

  8. If you add the Email Security section:
    • Select the threat types to scan for in emails
    • Select the sensitivity level for detecting email threats
    • Select for which attachment types to quarantine emails
    • Enable or disable allowing emails to bypass security for third-party Security Awareness Training
    • Enable or disable allowing emails with specific keywords in the subject line to bypass security
    • Select the quarantine folder
    • Restrict or allow message forwarding for Secure Messages
    • Set a message expiration period for Secure Messages

    Email Security policy

    For more information, see:

  9. If you add the Endpoint Security section :
    • Set device posture policies
    • Configure settings for device monitoring using the Coro Agent
    • Enable or disable Wi-Fi phishing detection

    Endpoint Security policy

    For more information, see:

  10. Select SAVE .

    Coro adds the global protection policy.

Applying global protection policies

After adding a global protection policy, you can apply it to specific workspaces.

note

If an MSP admin user enables the option to allow overrides of global policy settings when creating or editing a child workspace, any policy changes made by an admin user within that child workspace override the global protection policy for that workspace.

To apply a global protection policy:

  1. From the three-dot menu next to a global protection policy, select Apply policy :

    Apply policy button

    Coro displays the Apply global policy dialog:

    Apply policy

  2. Select the workspaces for which the policy should apply, then select APPLY .

    Coro applies the global protection policy to the selected workspaces.

Managing global protection policies

You can duplicate, edit, or remove a policy from the three-dot menu next to it. You can only remove a policy if no workspaces are assigned to it.